cb8a7c1a636b6191ddcf4254ceb0f4a03ec92a9cd6c71df2802b1e8d5f36f266

Sharing

Copy URL Twitter E-mail

General

Target

cb8a7c1a636b6191ddcf4254ceb0f4a03ec92a9cd6c71df2802b1e8d5f36f266
Size

1.3MB
MD5

e3ade542af793ba7c9d985641c557b01
SHA1

c3749031e54042197868ceefa2e7904b48375855
SHA256

cb8a7c1a636b6191ddcf4254ceb0f4a03ec92a9cd6c71df2802b1e8d5f36f266
SHA512

585f578af61a5de0cc7a664d13ae48feb21682ed28059c961c472e673e929b355b003cc8a537de61ea90330e96ced5a14def12fdf25da48398638c10f88a3ca9
SSDEEP

24576:mGwurzHAIEoKuX27G+M3PvUJzDYE8UTajCxIEt3cuCfxHle:LwurzgIQuX2sHUJE9UTKFCcu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cb8a7c1a636b6191ddcf4254ceb0f4a03ec92a9cd6c71df2802b1e8d5f36f266

Files

cb8a7c1a636b6191ddcf4254ceb0f4a03ec92a9cd6c71df2802b1e8d5f36f266
.exe windows:5 windows x64 arch:x64

4538da287cc6879476666dd82bfa1ab3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

H:\Work\haozip\bin\x64\release\pdb\HaoZipCD.pdb

Imports

kernel32

MultiByteToWideChar
WideCharToMultiByte
ResumeThread
ReadFile
WriteFile
SetFileTime
SetFilePointer
SetEndOfFile
GetFileSize
GetFileTime
InitializeCriticalSection
LoadLibraryA
HeapFree
OpenProcess
HeapAlloc
LocalFree
GetProcessHeap
LockResource
GetSystemInfo
LoadResource
lstrcmpiW
GetEnvironmentVariableW
lstrcatW
FormatMessageW
FindNextFileW
FindClose
CreateDirectoryW
GetFullPathNameW
GetTempPathW
SetFileAttributesW
DeleteFileW
GetCurrentDirectoryW
GetWindowsDirectoryW
CopyFileW
GetTempFileNameW
MoveFileW
GetFileSizeEx
QueryDosDeviceW
GetCurrentProcess
GetCurrentProcessId
GetLogicalDriveStringsW
GetTickCount
GlobalMemoryStatusEx
RtlVirtualUnwind
GetACP
MapViewOfFile
DeviceIoControl
CreateFileMappingW
WriteConsoleW
ReadConsoleW
SetStdHandle
lstrcpyW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
GetTimeZoneInformation
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
HeapSize
GetFileType
HeapReAlloc
GetStdHandle
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
SetConsoleCtrlHandler
RtlPcToFileHeader
RtlUnwindEx
QueryPerformanceCounter
GetStartupInfoW
WaitForSingleObjectEx
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlLookupFunctionEntry
RtlCaptureContext
LoadLibraryExA
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
OutputDebugStringW
IsDebuggerPresent
GetCPInfo
RtlUnwind
GetLocaleInfoW
LCMapStringW
CompareStringW
UnmapViewOfFile
GetFileAttributesExW
CreateFileW
GetLongPathNameW
FindFirstFileW
LoadLibraryExW
GetModuleFileNameW
ReleaseMutex
CreateMutexW
Sleep
GetVersionExW
GetPrivateProfileStringW
ExpandEnvironmentStringsW
LoadLibraryW
GetFileAttributesW
ResetEvent
CreateEventW
SetEvent
WaitForSingleObject
FileTimeToSystemTime
GetVolumeInformationW
WaitForMultipleObjects
GetModuleHandleW
MoveFileExW
FindResourceW
CloseHandle
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
SetLastError
EncodePointer
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
GetStringTypeW
lstrlenW
FreeLibrary
DeleteCriticalSection
GetProcAddress
DecodePointer
RaiseException
GetLastError
InitializeCriticalSectionAndSpinCount

user32

GetClassLongW
FillRect
IsMenu
CopyRect
DrawStateW
GetSysColor
DrawIconEx
GetMenuItemInfoW
GetMenuItemCount
SetMenuItemInfoW
SystemParametersInfoW
ShowScrollBar
GetDC
SetScrollRange
GetWindowLongW
GetWindow
GetWindowRect
SetWindowPos
MessageBoxW
MonitorFromWindow
EndDialog
GetMonitorInfoW
MapWindowPoints
GetClientRect
GetDlgItem
DefWindowProcW
GetMenuState
CallWindowProcW
DestroyWindow
CreateWindowExW
GetSystemMetrics
CreatePopupMenu
GetWindowLongPtrW
RegisterClassExW
TrackPopupMenu
GetSubMenu
IsWindow
SetTimer
DestroyIcon
DestroyMenu
LoadCursorW
GetWindowDC
wsprintfW
CheckMenuItem
AppendMenuW
DrawTextW
SetRect
KillTimer
PostQuitMessage
GetClassInfoExW
RegisterWindowMessageW
SetForegroundWindow
ReleaseDC
GetCursorPos
GetMessageW
SetWindowLongPtrW
SendMessageW
LoadStringW
GetActiveWindow
DispatchMessageW
PeekMessageW
TranslateMessage
LoadIconW
DialogBoxParamW
UnregisterClassW
GetParent

gdi32

BitBlt
CreateCompatibleBitmap
GetBkMode
CreateCompatibleDC
SetTextColor
SetBkMode
CreatePen
SetViewportOrgEx
GetObjectW
SetBkColor
CreateSolidBrush
GetCurrentObject
ExtTextOutW
GetTextMetricsW
CreateFontIndirectW
SelectObject
GetTextExtentPoint32W
DeleteObject
DeleteDC

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

RegCreateKeyExW
RegOpenKeyW
RegDeleteValueW
RegCreateKeyW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
GetUserNameW
RegQueryValueExW

shell32

Shell_NotifyIconW
ShellExecuteExW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetSpecialFolderPathW
SHGetFolderPathW

ole32

CoUninitialize
CoTaskMemFree
CoCreateInstance
CoInitialize

shlwapi

StrCpyNW

comctl32

ImageList_Remove
ImageList_GetIcon
ImageList_Create
ImageList_ReplaceIcon
ImageList_GetIconSize

Sections

.text
Size: 903KB - Virtual size: 903KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 319KB - Virtual size: 319KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 20KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4538da287cc6879476666dd82bfa1ab3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

shlwapi

comctl32

Sections

.text Size: 903KB - Virtual size: 903KB

.rdata Size: 319KB - Virtual size: 319KB

.data Size: 9KB - Virtual size: 19KB

.pdata Size: 47KB - Virtual size: 47KB

.rsrc Size: 20KB - Virtual size: 24KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 903KB - Virtual size: 903KB

.rdata
Size: 319KB - Virtual size: 319KB

.data
Size: 9KB - Virtual size: 19KB

.pdata
Size: 47KB - Virtual size: 47KB

.rsrc
Size: 20KB - Virtual size: 24KB

.reloc
Size: 4KB - Virtual size: 4KB